China Telecom diverting internet traffic to and through North America

It may seem that I am beating up on a certain country all the time, for unknown reasons of my own, but in fact I am just relaying the accelerating flurry of reports of official misbehavior by that country’s government and state-owned corporations. Now we learn that, allegedly, China Telecom – one of the big three state-owned telecom providers – has hacked North America’s internet infrastructure (PDF link):

China Telecom has ten strategically placed, Chinese controlled internet ‘points of presence’ (PoPs) across the internet backbone of North America. Vast rewards can be reaped from the hijacking, diverting, and then copying of information-rich traffic going into or crossing the United States and Canada – often unnoticed and then delivered with only small delays. […]

Over the past few years, researchers at BGProtect LTD based on the DIMES project [DIMES] at the Tel Aviv University built a route tracing system monitoring the BGP announcements and distinguishing patterns suggesting accidental or deliberate hijacking across many routes simultaneously and with a granularity down to the individual city. Using this technique, the two authors of this paper noticed unusual and systematic hijacking patterns associated with China Telecom. […]

Using these numerous PoPs, CT has already relatively seamlessly hijacked the domestic US and cross-US traffic and redirected it to China over days, weeks, and months as demonstrated in the examples below. The patterns of traffic revealed in traceroute research suggest repetitive IP hijack attacks committed by China Telecom. While one may argue such attacks can always be explained by ‘normal’ BGP behavior, these, in particular, suggest malicious intent, precisely because of their unusual transit characteristics – namely the lengthened routes and the abnormal durations. The following are a set of such unusual cases.

An article summarizes:

In 2016, China Telecom diverted traffic between Canada and Korean government networks to its PoP in Toronto. From there, traffic was forwarded to the China Telecom PoP on the US West Coast and sent to China, and finally delivered to Korea.

Normally, the traffic would take a shorter route, going between Canada, the US and directly to Korea. The traffic hijack lasted for six months, suggesting it was a deliberate attack, Demchak and Shavitt said.

Demchak and Shavitt detailed other traffic hijacks, including one that saw traffic from US locations to a large Anglo-American bank’s Milan headquarters being terminated in China, and never delivered to Italy, in 2016.

During 2017, traffic between Scandinavia and Japan, transiting the United States, was also captured by China Telecom, ditto data headed to a mail server operated by a large Thai financial company.

Interestingly, a 2015 Obama-Xi agreement aimed at stopping cyber IP theft by military forces appears to have been somewhat successful. But the agreement did not cover activities by Chinese corporations, and apparently nobody considered the security risks of allowing China Telecom to operate major internet nodes throughout North America. China does not allow US-based ISPs to control pieces of its internet infrastructure in China. Perhaps it’s time for the US and Canada to learn from China’s example.

China Telecom PoP North America

China Telecom’s presence in North America (Source)

This looks promising

Tim Berners-Lee

Tim Berners-Lee (Source)

The inventor of the World Wide Web is working on his second act — a radically new, decentralized internet:

This week, Berners-Lee will launch Inrupt, a startup that he has been building, in stealth mode, for the past nine months. Backed by Glasswing Ventures, its mission is to turbocharge a broader movement afoot, among developers around the world, to decentralize the web and take back power from the forces that have profited from centralizing it. In other words, it’s game on for Facebook, Google, Amazon. For years now, Berners-Lee and other internet activists have been dreaming of a digital utopia where individuals control their own data and the internet remains free and open. But for Berners-Lee, the time for dreaming is over.

“We have to do it now,” he says, displaying an intensity and urgency that is uncharacteristic for this soft-spoken academic. “It’s a historical moment.” Ever since revelations emerged that Facebook had allowed people’s data to be misused by political operatives, Berners-Lee has felt an imperative to get this digital idyll into the real world. In a post published this weekend, Berners-Lee explains that he is taking a sabbatical from MIT to work full time on Inrupt. The company will be the first major commercial venture built off of Solid, a decentralized web platform he and others at MIT have spent years building. […]

The difference here is that, on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod–which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod. This is how people, Berners-Lee says, will take back the power of the web from corporations.

Sounds good to me.

IHOP Knows About Bigfoot

A prime example of the lunacy of Twitter is the account “IHOP Knows About Bigfoot” (@IHOPKnows), which I have just had the misfortune of stumbling upon. The account has published only 10 tweets but already has over 1,800 followers. How many of the followers are fake? Is this a weird marketing ploy by the pancake chain?

The account’s inaugural tweet juxtaposes a map of Bigfoot report locations against a map of IHOP’s restaurant empire, hinting at a vast conspiracy:

Make the madness stop!

Faceborg’s war on human nature

Two items on the metastasizing, Borg-like entity known as Facebook recently caught my eye.

First:

Facebook just announced sweeping changes to fix significant problems with its newsfeed, the main conduit for news and information for over 2 billion people. However, the problems with Facebook’s newsfeed won’t be fixed with these tweaks. In fact, they are likely to get much worse as Facebook attempts to fix them. […]

To see why failure was (and will continue to be) inevitable, let me recast the situation:

  • Facebook is actively micromanaging the information flow and social interactions of over 2 billion people, and insanely complex and highly uncertain task.
  • Facebook is making the sweeping decisions on how to micromanage the newsfeed centrally (with a small team of young executives empowered to relentless tweak the system by the dictatorial fiat of the company’s CEO).
  • Facebook’s goals are a selfish utopianism (in its version utopia, the world revolves around Facebook).

The Current Year is very weird, when you think about it. The idea of a “small team of engineers in Menlo Park,” led by this guy –

– controlling the main spigot of news and information for over one-quarter of the human race is like something out of a cheesy sci-fi movie. Yet, it is not far from the reality.

The right thing for Facebook to do here would be to drop all the micromanagement and simply let each user control his/her own News Feed experience by default, with a full set of tools and filters. No shady algorithm controlling what you see. No censorship except of spam and illegal content.

This would probably require some adjustments to Facebook’s business model, as the News Feed accounts for 85% of the company’s revenue. I suspect, though, that the core reason Facebook insists on controlling that spigot has nothing to do with money.

Second:

In everyday life, we tend to have different sides of ourselves that come out in different contexts. For example, the way you are at work is probably different from the way you might be at a bar or at a church or temple. […] But on Facebook, all these stages or contexts were mashed together. The result was what internet researchers called context collapse. […]

In 2008, I found myself speaking with the big boss himself, Facebook CEO Mark Zuckerberg. I was in the second year of my PhD research on Facebook at Curtin University. And I had questions.

Why did Facebook make everyone be the same for all of their contacts? Was Facebook going to add features that would make managing this easier?

To my surprise, Zuckerberg told me that he had designed the site to be that way on purpose. And, he added, it was “lying” to behave differently in different social situations.

Up until this point, I had assumed Facebook’s socially awkward design was unintentional. It was simply the result of computer nerds designing for the rest of humanity, without realising it was not how people actually want to interact.

The realisation that Facebook’s context collapse was intentional not only changed the whole direction of my research but provides the key to understanding why Facebook may not be so great for your mental health.

To me, the experience of using Facebook is akin to being in a room filled with everyone I know, yammering away at high volume. It’s unpleasant, and I avoid it as much as possible.

I remember when Zuckerberg infamously said that “Having two identities for yourself is an example of a lack of integrity.” I recall being very creeped out by that sentiment. It’s deeply totalitarian, similar to the argument that “If you’ve got nothing to hide, you’ve got nothing to fear”; i.e. that only criminals or bad people desire privacy. It also flies in the face of some basic observations about human behavior.

The question is, will users put up with forced “context collapse” and micromanagement of the News Feed over the long run, or will they revolt against this form of paternalistic social engineering? I’m betting on the latter.

Murder with a smile

Turning that frown upside-down

If this doesn’t spook you just a little, well… you’re not easily spooked:

Retired NYPD detectives Anthony Duarte and Kevin Gannon held a press conference in 2008 to make the public aware of a dozens of deaths that are officially listed as accidental drownings, deaths that the two former cops allege are actually murders linked to one another. “I believe we’re looking at an organized group that has a hierarchy and is involved in murder and other criminal activity,” Gannon said. Such a revelation would, if true, re-write a large portion of what we think we know about criminology. Experts would tell us that serial killers don’t work together in teams, in fact in extremely rare instances we have only seen them work in pairs.

I read the full article on a day when the paywall was down. Unfortunately, it’s back up. Anyway, the Zebra murders that gripped San Francisco in 1973-74 are proof that semi-clandestine, murderous cults can exist, although the alleged Smiley Face Killers would appear to be a (big) step up from anything we’ve seen before in terms of both secrecy and competence.

The author’s hypothesis that the arrival of the internet explains why the Smiley Face Killings began in earnest around 1997 is interesting and reminded me of this essay from 10 years ago about the rise of anonymous group suicide in Japan.

The most spectacular manifestation of Japan’s exploding suicide culture, Internet group suicide, is unique in that it is rooted in the technologies of the computer age and has no meaningful precedent in traditional Japanese social behavior.

Given its role in fostering a wide variety of social pathologies, some of which seem entirely capable of destroying civilization, I would argue that the jury is still out on whether the invention of the internet was overall a Good Thing for humanity.

They are not amused

One of the noteworthy aspects of the viral outrage over the recent involuntary deplaning incident on the United Airlines flight (see here) is the Chinese reaction. From Jeffrey Towson, Professor at Peking University and author of the excellent The One Hour China Book:

  • The video was viewed online between 200-300M times in China.
  • It resulted in over a 100,000 comments, most all negative.
  • It became the top trending story on Weibo.
  • Petitions calling for a boycott of United Airlines went viral on Wechat.
  • Chinese media jumped in and it became a top news story everywhere in China. The People’s Daily ran photos of the man’s bloodied face and openly criticized the airline.
  • Prominent Chinese began lambasting the company. JD.com CEO Richard Liu said “…United is the worst airline, not one of the worst.”

[…] What we can conclude is that United Airlines was caught by surprise. Yet another multinational has suddenly realized that not only are Chinese consumers a big economic phenomenon, they are also a demographic that is paying close attention. This huge middle class is watching and listening all the time. They know what happens in the USA and can react within minutes. And this is not limited just to famous companies like United and KFC. If you have a bed and breakfast in Vermont, I guarantee you there are Chinese reviews and discussions about your hotel.

The combination of the growing economic power of Chinese middle-class consumers, and the instant worldwide spasms of attention (either positive or negative) that social media can generate, will prove rather disruptive to many businesses in the coming years.

Could China take over the internet?

Epoch Times thinks so:

In November 2014, Li Yuxiao, a research fellow at the Chinese Academy of Cyberspace, stated, according to the state-run China Daily: “Now is the time for China to realize its responsibilities. If the United States is willing to give up its running of the internet sphere, the question comes as to who will take the baton and how it would be run.

“We have to first set our goal in cyberspace, and then think about the strategy to take, before moving on to refining our laws,” he said.

Li is now the head of a department designed to enforce the Chinese regime’s laws on technology companies. His comments are tied to a process announced by the United States in 2014 to relinquish control of the internet by ending the contract between the U.S. Department of Commerce and the Internet Corporation for Assigned Names and Numbers (ICANN).

This process is now nearing its completion, with a deadline of Oct. 1.

US News has a good article spelling out some of the practical implications of the US government ceding control of the core technical functions of the internet:

Additionally, while it is true ICANN has not played a direct censorship role in other countries, there is the potential for future problems. Currently, a number of countries – including Russia and China – have the power to restrict access to specific websites within their territorial borders, but cannot do so globally. But what if these authoritarian regimes, via their positions on the GAC [Governmental Advisory Committee], gained a consensus and proposed to the ICANN board that no explicitly anti-government website domain name (for example, www.stopthePRC.com) can be created because it could have domestic security implications? The special advisory power of the GAC states that even overruled proposals must “attempt to reach a mutually acceptable solution,” so a watered-down version of any censorship initiative could still be enacted after initial rejection by the board.

Similarly, what if the Chinese government had the power to pressure ICANN board members to edit the internet address book and remove a website that might be troublesome for its leadership? That sort of broad and egregious censorship cannot occur under U.S. stewardship today.

Second, although difficult to accomplish, after the transition it is possible for ICANN’s bylaws to be changed, which would allow anything from a change in location to a change in functioning – and the U.S. would no longer have any regulatory power to prevent it. Additionally, if ICANN moved to Switzerland, as has been proposed, it would no longer be a California corporation and might fall outside the jurisdiction of impartial American courts.

It is not at all clear to me how the global internet will be “better off” under the stewardship of a collection of hundreds of national governments, corporations, and advocacy groups, than under the US Department of Commerce. It’s even less clear how changing the status quo would serve American interests. The only real benefit seems to be positive PR; according to The Wall Street Journal in 2014:

So why is this happening? Couldn’t they just leave things the way they were? The main goal is to reassure other countries that the U.S. isn’t secretly controlling the structure of the Internet. To the extent American businesses have been damaged by the Edward Snowden disclosures, especially those offering cloud and other online services, this is a move aimed at repairing the relationship between the U.S. and other countries on Internet issues.

Make no mistake, this is a concession by the U.S. While the Commerce Department rarely intervened publicly in ICANN’s affairs, the implicit threat of its ability to do so will be gone.

“Reassuring other countries,” while desirable in itself, doesn’t strike me as a compelling enough reason for the US to irrevocably give up the keys to the global internet.